Posted on

07-Sep-2009

zend mm heap corrupted
The very basic page of WordPress 2.6.3 – default, nothing fancy, will appear without a problem. at least, there is not a lot of data, and it appears rather fast, even on the emulator. Entering the admin pages may result in crash of the PHPWASD instance that executes part of the code – and the element it took care of, ends with the message “zend mm heap corrupted”:

But after I enabled logging in php.ini, less frequent. Weird. I’ll have to ask others about this.
However, trying to upload an image fails, without warning – and without an entry is a logfile; such a file isn’t even created, but that may be a matter of configuration. The PHPWASD process that still exists, will do little. It doesn’t crash, but no data is returned, and the browser will eventually run into a timeout. It may be storage of the file isn’t allowed yet, so I’ll need to look into that before pointing to PHP, PHPWASD or WP to blame. That’s for the next attempt.
I found some workaround on the internet yesterday but I couldn’t locate that page today….

Access to the database is, as far as I have tested so far, not a problem. Slow, but that can be expected.

Thought:These “zend mm heap corrupted” messages appear where this version of PHP runs into “Stack overflow”. Would that tell a story?? It may be worthwhile to mention it to the people of PHP (though they don’t know anything about VMS…)

Posted on

06-Sep-2009

More testing
Last time, I found a few issues in WordPress that I have encountered before, and tonight I intended to reproduce, and possible solve them.
As it turned out, changing the password succeeded, so the error I got last time, must have come from the code that is executed after database access. That limits the search of the cause, which is good. But both PHPMyAdmin and WordPress, ran into a new error: “zend mm heap corrupted”. I’ve seen that last time but didn’t pay attention to that at the moment – as VSM complained about stack overflow: one more issue that I have today as well – but luckily, only in the admin pages :).
I searched Google, and found this is a known issue for as long time, not related to operating system (it occurs in Windows, Linux and Solaris) or application (PhpMyAdmin, home-brewn code and others). The error causes Apache to crash. I think the running PHPWASD image dows as well.
A possible cause has been suggested (race condition, making it hard to locate) but a solution has not been given – yet.
But I had to stop investigations, for security reasons. To speed things up, I had to stop the emulator.
Google’s dangers
I found yet another ‘problem’ when accessing some of the pages that show up in Google, and that caused e to stop for tonight. It happens that a page that shows up in Google doesn’t exist any more – one of the results caused a ‘404 – page not found’ error. But more worrying is that the next pages run into a PHP script that pretends to scan your system and may even do harm:

  • rezacinteract.com/dgysf/mwgyd/corrupted.php
  • forgottenancestors.com/ftzns/yhiag/corrupted.php
  • quepasaenmicasa.net/maiea/totph/heap.php
  • robertlunaphotography.com/zsfie/uqgpb/heap.php
  • andrewscottjohnson.com/jwean/zacdc/heap.php


    • These four are on top of the list, likely to be accessed and _pretending_ a scan is done. It shows that way, at least, and popping up some malware found. I haven’t run it to the end, and I don’t have screen-images, for obvious reasons. I ran a full scan to be sure no malware has been installed; it didn’t reveal anything bad, but it stopped my investigations for tonight.

    I warned the site owners where I could contact them. But quepasaenmicasa.net doesn’t show contact informatyion and forgottenancestors.com doesn’t accept mail: user unknown.

    Google is nice for searching information, but this shows the danger of the tool. You won’t notice malware until it’s too late.